package com.chinabank.web.aop;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.chinabank.model.Account;
import com.chinabank.model.Permission;


public class StudentInterceptor extends HandlerInterceptorAdapter  {

	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {

		response.setHeader("Cache-Control", "no-store");
		response.setHeader("Pragrma", "no-cache");
		response.setDateHeader("Expires", 0);
		System.out.println("\n从控制器入拦截器\n");
		// 链接来源地址
		String referer = request.getHeader("referer");
		System.out.println("\n\nreferer:" + referer + "\n\n");

		// URI
		String request_uri = request.getRequestURI();// 得到用户请求的URI
		String ctxPath = request.getContextPath();// 得到web应用程序的上下文路径
		String url = request_uri.substring(ctxPath.length()); // 去除上下文路径，得到剩余部分的路径
		System.out.println("\n\nurl:" + url + "\n\n");

		if (url.indexOf("login.do") != -1)// 对login.do放行
		{

			return true;

		}
		boolean authentificated = false;
		Account account = (Account) request.getSession(true).getAttribute(
				"account");
		if (account == null) {
			System.out.println("\n\n account=null\n\n");
			response.sendRedirect("public/403.html");
			return false;

//		} else {
//			List<Permission> ps = account.getMyGroup().getPermissions();
////           for(Permission pp : ps)
////            {
////            	System.out.println("\n\nThe Permission:"
////            			+ pp.getUrl()+ "\n\n");
////            }
//			Permission ppp = ps.get(0);
//			System.out.println(ppp.getUrl());
		}
		
		// 开始检查该用户角色是否有权限访问 uri

//		if (!authentificated) {
//			throw new RuntimeException(new AccountException(
//					"您无权访问该页面。请以合适的身份登陆后查看。"));
//		}
		
		return true;
	}

	public void postHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler, ModelAndView mav)
			throws Exception {

		System.out.println("从控制器出拦截器，跳入前台页面！");
        
	}
}
